I need to provision a large number of linux devices on multiple locations and put them all on a VPN. Configuring each device manually is too tedious. I was thinking of spinning up a server with a small HTTP api to exchange keys and configure wireguard on both sides. Then each device would call this server to register itself. And while I am a it I thought I could throw together a minimal admin ui that I could use for example to manually remove peers.
I red the 'Web App provisioning Server' which I believe describes a possible solution for this use case. But I am confused with the whole data storage thing. Where do configuarations live? Are the configuration files at /etc/whireguard/ the source of truth? If I edit these when is the list of peers refreshed? The above mentioned document suggests shelling out to command line tools. Is this the recommended way. Does a general purpose library for managing wireguard config exist?
_______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
